网管联盟 | 网管论坛 | 网管u家 | 网管博客 | 网管软件 | 网管求职 | 小游戏 | 网管搜索 | 网管原创 | 网管聚合 | 网管读摘 | 网管焦点 | 世界素材 | 会员投稿 | 会员中心 
中国网管联盟
Windows Linux Cisco 网络技术 数据库 黑客攻防 DotNet Java PHP 认证 新闻资讯 服务器 存储资讯 网络设备 网管学堂 技术专题 焦点 网吧频道
 当前位置: > bitsCN.com > 网络攻防 > 黑客技术 > Exploit > VMware ESX Server AMD fxsave/restore Issue  

VMware ESX Server AMD fxsave/restore Issue

2006-11-20  作者:网管整理  来源:bitsCN.com  点评 投稿 收藏


Summary
A vulnerability in VMware allows attacker to exploit an AMD fxsave/restore security vulnerability which in turn can be used to disclose sensitive information.



Credit:
The information has been provided by VMware Security team.
The original article can be found at: http://kb.vmware.com/kb/2533126

Details:

Vulnerable Systems:
* ESX Server version 3.0.0 without any patches

Immune Systems:
* ESX Server version 3.0.0 with the fxsave/restore patch

The instructions fxsave and fxrstor on AMD CPUs are used to save or restore the FPU registers (FOP, FIP and FDP). On AMD Opteron processors, these instructions do not save/restore some exception related registers unless an exception is currently being serviced. This could allow a local attacker to partially monitor the execution path of FPU processes, possibly allowing them to obtain sensitive information being passed through those processes.

The Common Vulnerabilities and Exposures project (cve.mitre.org) assigned the name CVE-2006-1056 to this issue.

网管网www.bitscn.com



Solution:
1. Log into the ESX Server service console as root.
2. Create a local depot directory.
# mkdir /var/updates
Note: VMware recommends that you use the updates directory.

3. Change your working directory to /var/updates.
# cd /var/updates

4. Download patch ESX-2533126 from http://www.vmware.com/download/vi/
into the /var/updates directory.

5. Verify the integrity of the downloaded tar file:
# md5sum ESX-2533126.tgz

6. The md5 checksum output should match the following:
f34bd684a50a29d667bd0ea5c8c8ef63 ESX-2533126.tgz

7. Extract the compressed tar archive:
# tar -xvzf ESX-2533126.tgz

8. Change to the newly created directory, /var/updates/ESX-2533126:
# cd ESX-2533126

Installation Instructions:
Once you have downloaded and extracted the archive, and if you are in the directory you created above, install the update using the following command:
# esxupdate update

For more information on using esxupdate, please refer to the Patch Management for ESX Server 3 tech note at http://www.vmware.com/pdf/esx3_esxupdate.pdf.
中国网管联盟bitsCN.com


Note: This security patch is part of the October 2006 patch release for VI3. A second (non-security) patch is also available. Installation of these two patches is independent and you do not need to install both to be in a supported state. The other patch is available at http://kb.vmware.com/kb/2666943

TAGs     the   to   patch   and   The   you   is   of   Server   ESX   in   information      
 上一篇:Broadcom Wireless Driver Probe Response SSID Overflow   下一篇:Intego VirusBarrier X4 Definition Bypass
相关文章列表
VMware ESX Server AMD fxsave/restore Issue 评论:
loading.. 评论加载中…
评论:请自觉遵守互联网相关政策法规,评论不得超过250字。

验证码: 注册用户
本类热门排行:
1.Pubwin4免费全攻略
2.netPanzer Server DoS
3.RealVNC Authentication Bypass Scanner
4.wisi-sql.txt
5.Cisco IOS 12.x/11.x remote exploit
6.Linux Local Root
7.Firefox Javascript navigator Object Co
8.Internet Explorer Remote Command Execu
9.aircrack-ng-0.6.2.tar.gz
10.MyServer DoS (Exploit)
最新推荐文章:
1.Cheats Complete Website 1.1.1 (itemid)
2.Drinks Complete Website 2.1.0 (drinkid
3.BitDefender Online Scanner 8 ActiveX H
4.PHP < 4.4.5 / 5.2.1 (shmop) SSL RSA
5.PHP COM extensions (inconsistent Win32
6.PHP 4.4.6 crack_opendict() Local Buffe
7.Internet Explorer ActiveX bgColor Prop
8.CVSTrac 2.0.0 Post-Attack Database Res
9.GuppY <= 4.5.16 Remote Commands Exe
10.Trend Micro VirusWall Buffer Overflow
网管论坛交流:
·不疯魔不成活
·令你大开眼界的真正标准化机房,已整理重
·华为HCSE OSPF路由协议培训教材 V3.0
·为赈灾,女孩舍身拍“裸照”
·Windows Server 2003服务器群集创建和配
·exchange2k3全套官方资料
·双儿一周岁了。。。特殊的礼物来啦。。
·存储备份技术版块守则
·无盘技术交流区守则
·DOS命令基础大全之命令详解<作者吐血